openFPGALoader Heap Buffer Overflow Vulnerability in BitParser Component
Vulnerability
A heap buffer overflow vulnerability has been identified in openFPGALoader versions through 3429d34. The issue arises in the BitParser::parseHeader() function, where the absence of proper bounds checking allows for out-of-bounds access to heap memory when parsing a specially crafted .bit file. This vulnerability does not require any FPGA hardware to be exploited.
Impact
Exploitation of this vulnerability leads to out-of-bounds heap memory access, causing a heap buffer overflow. This type of vulnerability can commonly be exploited to execute arbitrary code or cause a denial-of-service condition by crashing the program. In this case, the vulnerability also poses a supply-chain risk, as a malicious .bit file could be introduced into an FPGA project, triggering the vulnerability when the file is loaded.
Reproduction
The vulnerability can be reproduced by compiling openFPGALoader with AddressSanitizer enabled, which will detect the heap buffer overflow. After compiling the program, a minimal .bit file can be created that exploits the vulnerability by including a length field that causes the parser to read beyond the allocated buffer. This crafted .bit file can then be loaded with openFPGALoader, triggering the vulnerability and causing the program to read from out-of-bounds heap memory.
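The bug class here is a length field trusted without a bounds check. The following is an added example, not openFPGALoader's code: a bounds-checked header reader for the widely documented Xilinx .bit layout (sync block, then 'a'..'d' string fields with 2-byte lengths, then 'e' with a 4-byte data length), which assumes that layout and uses a constructed sample builder (buildImage) so that an overstated length field is rejected rather than read past the buffer.

```cpp
#include <cstddef>
#include <cstdint>
#include <string>
#include <vector>
// Bounds-checked reader over an in-memory .bit image (added example, not openFPGALoader's code).
// Every read is checked against the buffer end, so an oversized length field fails the parse.
struct BitReader {
    const std::vector<uint8_t> &buf;
    size_t pos = 0;
    explicit BitReader(const std::vector<uint8_t> &b) : buf(b) {}
    bool has(size_t n) const { return n <= buf.size() - pos; }
    bool u8(uint8_t &v) { if (!has(1)) return false; v = buf[pos++]; return true; }
    bool be(size_t n, uint32_t &v) {  // big-endian unsigned field, n <= 4
        if (!has(n)) return false;
        v = 0; while (n--) v = (v << 8) | buf[pos++]; return true;
    }
    bool str(size_t n, std::string &out) {
        if (!has(n)) return false;  // the check whose absence allows the heap over-read
        out.assign(reinterpret_cast<const char *>(buf.data() + pos), n); pos += n; return true;
    }
};
struct BitHeader { std::string field[4]; uint32_t dataLen = 0; size_t dataOff = 0; };
// Parse fields 'a'..'e' of the commonly documented Xilinx .bit header layout (assumed here).
// Returns false on truncation or on any length field exceeding the remaining bytes.
bool parseBitHeader(const std::vector<uint8_t> &img, BitHeader &h) {
    BitReader r(img);
    uint32_t len; uint8_t key; std::string s;
    if (!r.be(2, len) || !r.str(len, s) || !r.be(2, len)) return false;  // sync block, 0x0001
    for (int i = 0; i < 4; i++) {  // 'a' design, 'b' part, 'c' date, 'd' time
        if (!r.u8(key) || key != 'a' + i || !r.be(2, len) || !r.str(len, s)) return false;
        h.field[i] = s.c_str();  // drop the trailing NUL
    }
    if (!r.u8(key) || key != 'e' || !r.be(4, len) || !r.has(len)) return false;
    h.dataLen = len; h.dataOff = r.pos; return true;
}
// Constructed sample builder (hypothetical helper for testing): the 'b' and 'e' length
// fields can be overstated to model a malformed file of the kind the advisory describes.
std::vector<uint8_t> buildImage(uint16_t bLen, uint32_t eLen, size_t dataBytes) {
    std::vector<uint8_t> v = {0x00,0x09, 0x0f,0xf0,0x0f,0xf0,0x0f,0xf0,0x0f,0xf0,0x00, 0x00,0x01};
    auto put = [&](char k, uint32_t n, int w, const std::string &s) {
        v.push_back(k); for (int i = w - 1; i >= 0; i--) v.push_back((n >> (8 * i)) & 0xff);
        v.insert(v.end(), s.begin(), s.end()); v.push_back(0);
    };
    put('a', 7, 2, "design"); put('b', bLen, 2, "xc7a35t"); put('c', 11, 2, "2024/01/01");
    put('d', 9, 2, "12:00:00"); v.push_back('e');
    for (int i = 3; i >= 0; i--) v.push_back((eLen >> (8 * i)) & 0xff);
    v.insert(v.end(), dataBytes, 0xaa);
    return v;
}
```

A build with AddressSanitizer, as the advisory suggests, is the complementary check: with the length validation in place the malformed inputs are rejected before any read, so ASan reports nothing.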
